2. Introduction

There are currently a few alternatives to using Cryptoloop. Loop-AES (http://loop-aes.sourceforge.net)
is probably the most well-known. It provides very similar functionality to Cryptoloop. Aes-loop
is currently more mature than Cryptoloop and it is also faster (about twice as fast, according to the author of loop-AES), because it uses a highly
optimized assembler implementation for
AES. This doesn't mean that Cryptoloop is slow. I have not noticed any significant speed differences between a Cryptoloop-encrypted
partition and a non-encrypted partition during everyday work with normal amounts of I/O. Unless I/O performance is
extremely important to you, Cryptoloop should do just fine. Loop-AES offers some additional features that are not yet present in the kernel
implementation of Cryptoloop. Loop-AES requires modified userspace tools (mount, losetup) and these modifications are incompatible with
Cryptoloop. You will not be able to use Cryptoloop and Loop-AES at the same time.

In terms of security, Cryptoloop is doing ok. The key is usually generated from a password and its hash is used as the key to AES. This leads
to the possibility of a known-plaintext attack.
Loop-AES is superior in this regard, because it generates a random key and encrypts this
key separately, making a known-plaintext attack more difficult. Loop-AES also supports a multi-key mode, where sectors are encrypted with
64 separate AES keys. In general, a brute-force attack on your password can be very effective, if you choose a weak password. To be on
the safe side, your password should be at least 20 characters long. Otherwise a brute-force attack on the password will be much easier
than trying to brute-force the AES encryption directly.

The Cryptoloop functionality in the standard kernel provides a stable and clean implementation without the need for extra patches. Since it
is still fairly new, it may not have gotten the necessary amount of review in terms of security. You have to decide for yourself what
is suitable for you.

IMPORTANT: Cryptoloop has been marked deprecated in the latest 2.6 kernel. This means that it will no longer be maintained actively. The
successor to Cryptoloop will be dm-crypt. Dm-crypt is available in the main kernel
since 2.6.4. Cryptoloop will still be available in the main kernel for a long time, but dm-crypt will be the method of choice for disk
encryption in the future. Dm-crypt is based on the device mapper and offers pretty much the same functionality as Cryptoloop. It is still
very new and there are no easy-to-use userspace tools available yet. Dm-crypt is considered to be much cleaner code than Cryptoloop, but
there are some important differences. For example, creating an ecrypted filesystem within a file will still require to go through a loop
device, but this support is still in development.

There are other tools which allow you to create an encrypted file system. BestCrypt is a commercial product from Jetico. It allows you to
create encrypted containers and has a large choice of ciphers. It also offers some nifty features such as hidden containers. It is available
for Windows and Linux, which makes it suitable for interchanging encrypted containers between Windows and Linux. BestCrypt now compiles
on 2.6 kernels as well. Cryptoloop can also create containers that can be moved around, by creating the encrypted file system
within a file as described below. I don't know of a way to access the Cryptoloop-encrypted files from other operating systems such as Windows. In
this case, BestCrypt may be your only choice.

There are other commercial disk encryption tools such as PGP disk, but to my knowledge there is no Linux support for them.